In the last months, looking for similar experiences to take into account while defining a Core Criterion-core Evidence ontology I found that the Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC)has many analogies with our Use Case

It is an international standard (ISO/IEC 15408) for computer security certification, defining a framework in which:

1) computer system users can specify their security functional and assurance requirements (SFRs and SARs respectively) through the use of Protection Profiles (PPs);

2) vendors can then implement and/or make claims about the security attributes of their products;

3) testing laboratories can evaluate the products to determine if they actually meet the claims.

Common Criteria framework defines guidelines to conduct in a rigorous and standard and repeatable manner the process of specification, implementation and evaluation of a computer security product.

Common Criteria is used as the basis for a Government driven certification scheme and typically evaluations are conducted for the use of Federal Government agencies and critical infrastructure